DEV Community

loading...

Discussion on: React Authentication - Protecting and Accessing Routes/Endpoints

Collapse
namansamra profile image
namansamra

we do not use localStorage for checking token instead of that we take the token from the local storage and make a request to backend to check for the verification of token (like is it associated with some user's id in database) but I have a doubt like if I copy my friend's token and store that in my localStorage then I will be able to access the protected route so this might be security issue. Please correct me if I am saying anything wrong and any other strategy to check that. I am confused that in that case how should we verify the token? Thankyou.

Thread Thread
masharsamue profile image
Samuel Mashar

Yes that would definitely be an issue. How is this solved, i recently saw JWT-decode am still trying to figure out how to retrive an objectid from mongo, to delete, or edit . How do you achieve that, because on postman you copy the id and paste it there.

Thread Thread
masharsamue profile image
Samuel Mashar

I think the flaw issue is now resolved by the refresh token

Thread Thread
ebereplenty profile image
NJOKU SAMSON EBERE Author

Hey Samuel, if you are still looking for how to decode the JWT, my article might be of help. Check thies out: dev.to/ebereplenty/decoding-jasonw...